Microsoft and US No Longer Top Threat Vectors for Q3

During the third quarter of 2011, the threat landscape saw great shifts and replacements as well as continued cybercriminal efforts. The attacks seen in the past quarter mostly dealt with software vulnerabilities and different threat infection vectors, which signified possible changes in cybercriminal strategy.

First off, Google replaced Microsoft as the software vendor with the greatest number of reported vulnerabilities for the quarter—82. This is due to the increasing number of vulnerabilities found in Chrome, which continues to grow in popularity. Oracle came in second place, with 63 vulnerabilities, while Microsoft fell to third place with 58 vulnerabilities.

Furthermore, the United States, which normally takes the top spot in the list of spam-sending countries, dropped out of the top 10 list and was replaced by India and South Korea. South Korea earlier expressed willingness to take action to reduce spamming activity in the country by blocking port 25 on a nationwide level.

Trend Micro threat researchers also witnessed a significant shift in cybercriminal attack targets. The attacks have changed from being massive in nature (aimed at affecting as many users as possible) to targeted, particularly against large enterprises and government institutions. Research conducted by Trend Micro researchers on these attacks led them to the discovery of one of the most notable groups behind targeted attacks in the third quarter: the LURID downloader.

Attacks against well-known platforms such as mobile devices and social networks ensued. A new DreamDroidLight variant with enhanced capabilities and routines was also spotted in the third quarter. In addition, attacks targeting Facebook and Google+ led users to scams and malicious file downloads.

The security industry also witnessed a couple of wins during the quarter, with the discovery of a SpyEye cybercrime ring led by a cybercriminal named “Soldier” as well as several FAKEAV affiliate networks.

From the looks of it, the trends seen during the third quarter are already taking place halfway into the fourth quarter, with the addition of attacks leveraging the holidays. Attackers will further hone their attacks to target specific entities and will continue leveraging mobile platforms and social media. If the information revealed by the Esthost takedown is any indication of the kinds of threats that users are set to encounter, then it is critical for users to prepare for the future to avoid being victimized by such threats.